1What: /sys/bus/thunderbolt/devices/.../domainX/security 2Date: Sep 2017 3KernelVersion: 4.13 4Contact: thunderbolt-software@lists.01.org 5Description: This attribute holds current Thunderbolt security level 6 set by the system BIOS. Possible values are: 7 8 none: All devices are automatically authorized 9 user: Devices are only authorized based on writing 10 appropriate value to the authorized attribute 11 secure: Require devices that support secure connect at 12 minimum. User needs to authorize each device. 13 dponly: Automatically tunnel Display port (and USB). No 14 PCIe tunnels are created. 15 16What: /sys/bus/thunderbolt/devices/.../authorized 17Date: Sep 2017 18KernelVersion: 4.13 19Contact: thunderbolt-software@lists.01.org 20Description: This attribute is used to authorize Thunderbolt devices 21 after they have been connected. If the device is not 22 authorized, no devices such as PCIe and Display port are 23 available to the system. 24 25 Contents of this attribute will be 0 when the device is not 26 yet authorized. 27 28 Possible values are supported: 29 1: The device will be authorized and connected 30 31 When key attribute contains 32 byte hex string the possible 32 values are: 33 1: The 32 byte hex string is added to the device NVM and 34 the device is authorized. 35 2: Send a challenge based on the 32 byte hex string. If the 36 challenge response from device is valid, the device is 37 authorized. In case of failure errno will be ENOKEY if 38 the device did not contain a key at all, and 39 EKEYREJECTED if the challenge response did not match. 40 41What: /sys/bus/thunderbolt/devices/.../key 42Date: Sep 2017 43KernelVersion: 4.13 44Contact: thunderbolt-software@lists.01.org 45Description: When a devices supports Thunderbolt secure connect it will 46 have this attribute. Writing 32 byte hex string changes 47 authorization to use the secure connection method instead. 48 Writing an empty string clears the key and regular connection 49 method can be used again. 50 51What: /sys/bus/thunderbolt/devices/.../device 52Date: Sep 2017 53KernelVersion: 4.13 54Contact: thunderbolt-software@lists.01.org 55Description: This attribute contains id of this device extracted from 56 the device DROM. 57 58What: /sys/bus/thunderbolt/devices/.../device_name 59Date: Sep 2017 60KernelVersion: 4.13 61Contact: thunderbolt-software@lists.01.org 62Description: This attribute contains name of this device extracted from 63 the device DROM. 64 65What: /sys/bus/thunderbolt/devices/.../vendor 66Date: Sep 2017 67KernelVersion: 4.13 68Contact: thunderbolt-software@lists.01.org 69Description: This attribute contains vendor id of this device extracted 70 from the device DROM. 71 72What: /sys/bus/thunderbolt/devices/.../vendor_name 73Date: Sep 2017 74KernelVersion: 4.13 75Contact: thunderbolt-software@lists.01.org 76Description: This attribute contains vendor name of this device extracted 77 from the device DROM. 78 79What: /sys/bus/thunderbolt/devices/.../unique_id 80Date: Sep 2017 81KernelVersion: 4.13 82Contact: thunderbolt-software@lists.01.org 83Description: This attribute contains unique_id string of this device. 84 This is either read from hardware registers (UUID on 85 newer hardware) or based on UID from the device DROM. 86 Can be used to uniquely identify particular device. 87 88What: /sys/bus/thunderbolt/devices/.../nvm_version 89Date: Sep 2017 90KernelVersion: 4.13 91Contact: thunderbolt-software@lists.01.org 92Description: If the device has upgradeable firmware the version 93 number is available here. Format: %x.%x, major.minor. 94 If the device is in safe mode reading the file returns 95 -ENODATA instead as the NVM version is not available. 96 97What: /sys/bus/thunderbolt/devices/.../nvm_authenticate 98Date: Sep 2017 99KernelVersion: 4.13 100Contact: thunderbolt-software@lists.01.org 101Description: When new NVM image is written to the non-active NVM 102 area (through non_activeX NVMem device), the 103 authentication procedure is started by writing 1 to 104 this file. If everything goes well, the device is 105 restarted with the new NVM firmware. If the image 106 verification fails an error code is returned instead. 107 108 When read holds status of the last authentication 109 operation if an error occurred during the process. This 110 is directly the status value from the DMA configuration 111 based mailbox before the device is power cycled. Writing 112 0 here clears the status. 113